Thursday, July 05, 2012

Interview with John H. Riley, Bloomsburg University of Pennsylvania

John, can you tell us something about your background and why you decided to teach digital forensics?

First, thanks for the opportunity to discuss our program. We're really proud of what we've accomplished here and believe we're contributing to the digital forensics community. I started as a mathematician (Ph.D., University of Connecticut, 1980) and then began to teach computer science as well as mathematics in the 1980s. I wrote two programming textbooks (Pascal, for the old timers). About six or seven years ago, my department was investigating majors that would be good for students. We decided upon computer forensics. It is an interesting, useful field of study that has worked really well for us and our students.

On the intellectual side, I find the whole issue of what information can be found and how it can be used to build a story quite fascinating. "Story" here means a narrative that shows what happened, in a rigorous sense (a la a mathematician's proof). As a professor, it's really fun to work with digital forensics students. Our curriculum has a lot of hands on work so we see our students really digging into things. The ultimate reward is seeing them graduate and begin work. I must note that I've had really great colleagues, particularly Scott Inch, to work with. I also am grateful to the larger forensics community for their help.

What digital forensic courses are currently offered by Bloomsburg University?

Introduction to Digital Forensics, File Systems 1 and 2, Digital Forensics Software, Advanced Topics in Digital Forensics, Small Devices Forensics, UNIX/Linux for Digital Forensics.

Tell us more about course structure and content. What core knowledge and key skills should students gain by the end of their studies?

The first five courses listed above (along with some computer science and other courses) form the backbone of our major. They cover the artifacts that can be found on a computer (and how they come to be), how the artifacts can be extracted in a forensically sound manner and how they can be linked together and presented or reported. As an example, students know why a deleted file may or may not be able to be recovered, how to use a tool like EnCase or FTK (or even a hex editor) to recover it, how it might be related to a link file or a registry entry, how to ensure its integrity after extraction using a hash function and how to include it in a report. We stress the importance of knowing how the computer is organizing files and generating artifacts so that what a tool produces is understood. Our graduates are prepared to defend their results. We also put this work in context. It's not just finding a deleted file, it's finding evidence which may change a person's life. So beyond knowledge and skills, we foster a sense of responsibility and integrity...


No comments: